Github user mike-jumper commented on a diff in the pull request:
https://github.com/apache/incubator-guacamole-client/pull/121#discussion_r107336586
--- Diff:
extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java
---
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.cas.ticket;
+
+import com.google.inject.Inject;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.GuacamoleSecurityException;
+import org.apache.guacamole.GuacamoleServerException;
+import org.apache.guacamole.auth.cas.conf.ConfigurationService;
+import org.jasig.cas.client.authentication.AttributePrincipal;
+import org.jasig.cas.client.validation.Assertion;
+import org.jasig.cas.client.validation.Cas20ProxyTicketValidator;
+import org.jasig.cas.client.validation.TicketValidationException;
+
+/**
+ * Service for validating ID tickets forwarded to us by the client,
verifying
+ * that they did indeed come from the CAS service.
+ */
+public class TicketValidationService {
+
+ /**
+ * Service for retrieving CAS configuration information.
+ */
+ @Inject
+ private ConfigurationService confService;
+
+ /**
+ * Validates and parses the given ID ticket, returning the username
contained
+ * therein, as defined by the username claim type given in
+ * guacamole.properties. If the username claim type is missing or the
ID
+ * ticket is invalid, an exception is thrown instead.
+ *
+ * @param ticket
+ * The ID ticket to validate and parse.
+ *
+ * @return
+ * The username contained within the given ID ticket.
+ *
+ * @throws GuacamoleException
+ * If the ID ticket is not valid, the username claim type is
missing, or
+ * guacamole.properties could not be parsed.
+ */
+ public String processUsername(String ticket) throws GuacamoleException
{
+ AttributePrincipal principal = null;
+
+ // Retrieve the configured CAS URL and establish a ticket validator
+ String casServerUrl = confService.getAuthorizationEndpoint();
+ Cas20ProxyTicketValidator sv = new
Cas20ProxyTicketValidator(casServerUrl);
+ sv.setAcceptAnyProxy(true);
+ try {
+ String confRedirectURI = confService.getRedirectURI();
+ Assertion a = sv.validate(ticket, confRedirectURI);
--- End diff --
Can you clean up and comment the logic here? I see you say:
// Retrieve the configured CAS URL and establish a ticket validator
but there seems to be more going on here than that. What is `sv`? The
ticket validator? What are we doing with that ticket validator which results in
us ultimately returning the username?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
